
Sarbanes-Oxley Ideas and Suggestions

Two recent postings on Search CIO about work AMR did on Sarbanes-Oxley caught my eye today: "SOX: Seven steps to CYA" and "SOX: New rules for year two". In these, John Hagerty of AMR makes a couple of great points:

In addition to reducing employee time, automated testing of controls enables companies to stop bad things from happening as they occur, not after the fact. To do this, companies can embed testing of internal controls right into the business processes themselves...

Now this is a clear call to use business rules, at least to me. The advantage of automation is clear from the articles but what is the additional advantage of automating with a business rules management system?

  1. Business rules can be numerous, especially for larger, more complex companies. Business rules management systems have the repository, reporting, etc. that you need to MANAGE these rules, not just implement them. As John points out, "SOX is a process, not a project" - you will have to evolve over time.
  2. This kind of compliance tends to be better understood by those executing the process than by those writing the software. Good business rules technology will let you expose the rules being enforced to those who understand them, so that they can do ongoing maintenance and tuning in response to the feedback they get from dashboards etc., rather than having to ask IT to do it.
  3. Using a business rules management system to implement some kind of compliance decisioning backbone puts companies in a position to implement other kinds of company-wide decisions consistently, something that will help them get more value over time from this investment.

John says that "By automating the testing of some of these internal controls, you will reduce the cost of compliance by upward of 25%, and we think that is actually pretty conservative." I would have to agree with him - these are the kinds of cost savings we have seen from using business rules in other circumstances.

So, treat SOX as a process and an opportunity and use business rules to automate it for lower costs, better results and more long term opportunities.

Comments

Dick From

I happened to stumble across your Sept 8 2005 article on SOX and followed the permalink to see more. Business rules implementations miss a more fundamental problem: actually managing information to its best effect. If a company wants to change fiscal years or pay cycles, this has precisely zero impact on the underlying business information on which fiscal reporting and paychecks are based. All we're doing is taking a different view of what we already know ... changing the business rules if you will. Business rules are simply a reflection of how we want to use information, not on what the information is.

The problem is, even with business rule concepts, we're still not developing systems that effectively develop and organize information for any purpose for any set of rules. If we had, SOX compliance would be a matter of looking at properly managed information in another way. The next compliance issue would be the same without creating a mini-industry that takes advantage of and compensates for rather than solving an underlying failure to deal with information effectively. Business rules are the "trip." What we need is an effective information vehicle so we don't have to build a new "car" each time we need to go someplace new.

In essence we need to understand information more thoroughly than we do so we can act on information instead of reacting to changing rules, processes, and expectations.

James Taylor

Dick
You make a good point - data (information) is important. I also agree that some business rules, though not all, are a band-aid to compensate for bad information management. I do think that compliance has two sides - managing the information and ensuring that decisions taken on that information are clearly compliant.
I also think one can use business rules to help manage information. There are a couple of posts on this http://edmblog.fairisaac.com/weblog/2006/02/business_rules__1.html and http://edmblog.fairisaac.com/weblog/2006/02/interesting_rul.html
